Commit graph

6524 commits

Author SHA1 Message Date
Andrzej Kurek 03bac448db Change accepted ciphersuite versions when parsing server hello
Accept only ciphersuites for version chosen by the server
2018-04-25 05:06:07 -04:00
Mohammad Azim Khan 1d3b508b82 Same ciphersuite validation in server and client hello 2018-04-20 18:54:18 +01:00
Gilles Peskine f2b76cd45c Merge remote-tracking branch 'upstream-restricted/pr/461' into development-restricted-proposed 2018-04-19 17:41:39 +02:00
Manuel Pégourié-Gonnard 7aeb470f61 Merge remote-tracking branch 'public/pr/1234' into development-proposed
* public/pr/1234:
  Doxygen: don't traverse symbolic links
2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 64f5adf9f9 Merge remote-tracking branch 'public/pr/1380' into development-proposed
* public/pr/1380:
  Update ChangeLog for #1380
  Generate RSA keys according to FIPS 186-4
  Generate primes according to FIPS 186-4
  Avoid small private exponents during RSA key generation
2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 4acb0055e3 Merge remote-tracking branch 'public/pr/1518' into development-proposed
* public/pr/1518:
  Update platform.h
  Update platform.h
2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard 66d396826a Merge remote-tracking branch 'public/pr/1516' into development-proposed
* public/pr/1516:
  Update sha512.h
2018-04-18 16:13:52 +02:00
Manuel Pégourié-Gonnard bb93c04aab Merge remote-tracking branch 'public/pr/1515' into development-proposed
* public/pr/1515:
  Update sha256.h
  Update sha256.h
2018-04-18 16:13:52 +02:00
Gilles Peskine b80f04eb67 Merge remote-tracking branch 'upstream-public/pr/1514' into development-proposed 2018-04-18 16:13:30 +02:00
Gilles Peskine 2e1934ac0c Fix comment formatting to pacify check-names.sh 2018-04-18 16:08:26 +02:00
Manuel Pégourié-Gonnard a9377336be Merge remote-tracking branch 'public/pr/1513' into development-proposed
* public/pr/1513:
  Update rsa.h
  Update rsa.h
  Update rsa.h
2018-04-18 11:58:53 +02:00
Manuel Pégourié-Gonnard 0392bff1b9 Merge remote-tracking branch 'public/pr/1512' into development-proposed
* public/pr/1512:
  Update md.h
  Update md.h
2018-04-18 11:57:50 +02:00
Manuel Pégourié-Gonnard b3a8fe7285 Merge remote-tracking branch 'public/pr/1509' into development-proposed
* public/pr/1509:
  Update ecdh.h
  Update ecdh.h
2018-04-18 11:56:49 +02:00
Manuel Pégourié-Gonnard 01d72df113 Merge remote-tracking branch 'public/pr/1508' into development-proposed
* public/pr/1508:
  Update ctr_drbg.h
  Update ctr_drbg.h
2018-04-18 11:55:30 +02:00
Manuel Pégourié-Gonnard 7153496395 Merge remote-tracking branch 'public/pr/1507' into development-proposed
* public/pr/1507:
  Update cmac.h
  Update cmac.h
2018-04-18 11:54:42 +02:00
Manuel Pégourié-Gonnard c265a25f4f Merge remote-tracking branch 'public/pr/1503' into development-proposed
* public/pr/1503:
  Update aes.h
  Update aes.h
2018-04-18 11:48:10 +02:00
Rose Zadik 21e2926736
Update rsa.h
minor change to the file's brief desc.
2018-04-17 14:08:56 +01:00
Rose Zadik 6ee22a7d52
Update sha256.h
Minor fix based on review comments
2018-04-17 10:38:39 +01:00
Rose Zadik 92d66b88ae
Update sha1.h
Changes based on review comments
2018-04-17 10:36:56 +01:00
Rose Zadik f2ec288bf8
Update rsa.h
Changes based on review comments.
2018-04-17 10:27:25 +01:00
Rose Zadik f3e4736131
Update md.h
Changes based on review comments
2018-04-16 16:31:16 +01:00
Rose Zadik 7375b0f6c1
Update ecdh.h
Changs based on review comments
2018-04-16 16:04:57 +01:00
Rose Zadik 9464d7b6e3
Update platform.h
Implemented changes based on review comments
2018-04-16 15:28:35 +01:00
Rose Zadik f25eb6eef6
Update ctr_drbg.h
minor changes based on comments
2018-04-16 14:51:52 +01:00
Rose Zadik c138bb7b05
Update cmac.h
minor changes based on comments
2018-04-16 11:11:25 +01:00
Rose Zadik 819d13dfff
Update aes.h
fixed missing multiple returns on mbedtls_aes_setkey_enc
2018-04-16 09:35:15 +01:00
Jethro Beekman cb122373f0 Update ChangeLog for #1380 2018-04-11 08:40:38 -07:00
Jethro Beekman c645bfe176 Generate RSA keys according to FIPS 186-4
The specification requires that P and Q are not too close. The specification
also requires that you generate a P and stick with it, generating new Qs until
you have found a pair that works. In practice, it turns out that sometimes a
particular P results in it being very unlikely a Q can be found matching all
the constraints. So we keep the original behavior where a new P and Q are
generated every round.
2018-04-11 08:38:37 -07:00
Jethro Beekman 666892792d Generate primes according to FIPS 186-4
The specification requires that numbers are the raw entropy (except for odd/
even) and at least 2^(nbits-0.5). If not, new random bits need to be used for
the next number. Similarly, if the number is not prime new random bits need to
be used.
2018-04-11 08:38:37 -07:00
Jethro Beekman 97f95c9ef3 Avoid small private exponents during RSA key generation
Attacks against RSA exist for small D. [Wiener] established this for
D < N^0.25. [Boneh] suggests the bound should be N^0.5.

Multiple possible values of D might exist for the same set of E, P, Q. The
attack works when there exists any possible D that is small. To make sure that
the generated key is not susceptible to attack, we need to make sure we have
found the smallest possible D, and then check that D is big enough. The
Carmichael function λ of p*q is lcm(p-1, q-1), so we can apply Carmichael's
theorem to show that D = d mod λ(n) is the smallest.

[Wiener] Michael J. Wiener, "Cryptanalysis of Short RSA Secret Exponents"
[Boneh] Dan Boneh and Glenn Durfee, "Cryptanalysis of RSA with Private Key d Less than N^0.292"
2018-04-11 08:38:37 -07:00
Manuel Pégourié-Gonnard 4ca9a45756 Merge remote-tracking branch 'public/pr/1560' into development-proposed
* public/pr/1560:
  Warn if using a memory sanitizer on AESNI
2018-04-11 13:06:30 +02:00
Manuel Pégourié-Gonnard e72d3225a7 Merge remote-tracking branch 'public/pr/1559' into development-proposed
* public/pr/1559:
  Make the memset call prior to FD_ZERO conditional to needing it
2018-04-11 13:05:31 +02:00
Gilles Peskine 5053efde33 Warn if using a memory sanitizer on AESNI
Clang-Msan is known to report spurious errors when MBEDTLS_AESNI_C is
enabled, due to the use of assembly code. The error reports don't
mention AES, so they can be difficult to trace back to the use of
AES-NI. Warn about this potential problem at compile time.
2018-04-05 15:37:38 +02:00
Gilles Peskine ec4733b645 Make the memset call prior to FD_ZERO conditional to needing it
Zeroing out an fd_set before calling FD_ZERO on it is in principle
useless, but without it some memory sanitizers think the fd_set is
still uninitialized after FD_ZERO (e.g. clang-msan/Glibc/x86_64 where
FD_ZERO is implemented in assembly). Make the zeroing conditional on
using a memory sanitizer.
2018-04-05 14:55:47 +02:00
Krzysztof Stachowiak 94d49978eb Improve comments style 2018-04-05 14:48:55 +02:00
Krzysztof Stachowiak cd09fc812d Remove a redundant test 2018-04-05 14:48:18 +02:00
Krzysztof Stachowiak 73b183c3bb Add buffer size check before cert_type_len read 2018-04-05 10:20:09 +02:00
Gilles Peskine 80aa3b8d65 Merge branch 'pr_946' into development-proposed 2018-04-04 10:33:45 +02:00
Gilles Peskine 5c77f2ef37 Merge remote-tracking branch 'upstream-public/pr/1535' into development-proposed 2018-04-04 10:31:09 +02:00
Gilles Peskine e4d3b7f860 Fix merge glitch in ChangeLog 2018-04-04 09:28:48 +02:00
Gilles Peskine b9e8696d56 Merge remote-tracking branch 'upstream-public/pr/1142' into development-proposed 2018-04-04 09:20:59 +02:00
Gilles Peskine 315b460593 Merge remote-tracking branch 'upstream-public/pr/1457' into development-proposed 2018-04-04 09:19:27 +02:00
Gilles Peskine 73db8380ca Merge remote-tracking branch 'upstream-public/pr/1547' into development-proposed 2018-04-04 09:19:12 +02:00
Gilles Peskine be2371c3d9 Merge branch 'pr_348' into development-proposed 2018-04-04 09:18:27 +02:00
Gilles Peskine 557e77d9a3 Add ChangeLog entry 2018-04-04 09:18:11 +02:00
Gilles Peskine a09453f495 Merge branch 'pr_1395' into development-proposed 2018-04-04 09:14:12 +02:00
Gilles Peskine d6953b58d7 Improve changelog entry 2018-04-04 09:09:29 +02:00
Gilles Peskine 1fae860f0f Merge remote-tracking branch 'upstream-public/pr/1543' into development-proposed 2018-04-04 09:03:25 +02:00
Hanno Becker f4e5b7e87d Additionally initialize fd_set's via memset in mbedtls_net_poll
The initialization via FD_SET is not seen by memory sanitizers if
FD_SET is implemented through assembly. Additionally zeroizing the
respective fd_set's before calling FD_SET contents the sanitizers
and comes at a negligible computational overhead.
2018-04-03 16:28:09 +01:00
Andrzej Kurek b364053a87 pk_sign: add stdlib include 2018-04-03 06:16:04 -04:00